In the IT and software services industry, data transfer, digital services tax (DST), and cloud regulations have emerged as key issues in the FTA environment, surpassing traditional trade in goods.
The global IT services market is projected to grow at an average annual rate of 7-9% between 2025 and 2026, driven by AI, cloud computing, and cybersecurity. However, differences in cross-border data transfer regulations and the effectiveness of digital trade agreements (FTAs and DEPAs) will be key to competitiveness.
Risk factors | 2025-2026 Outlook | Influence (1~5) | Implications |
|---|---|---|---|
| Digital Tax (DST) | OECD negotiations are delayed, and individual country-specific impositions continue. | 4 | Review of tax transparency provisions in the Korea-EU FTA |
| Data transfer restrictions | Differences such as GDPR and China CSL | 5 | Standards utilizing DEPA and IPEF are needed. |
| Cloud localization regulations | Expanding the public and financial center | 3 | Review of regional data center construction |
| AI Ethics and Responsibility | Strengthening AI Acts and Guidelines in Each Country | 3 | The Need for Global AI Governance |
| Cybersecurity | Increased supply chain and RaaS (attack-as-a-service) risks | 4 | The need to expand ISO27001 and SOC2 certification |
IT and software are centered on trade in intangible assets (digital trade) rather than physical goods. Therefore, the core of FTA utilization lies in service market opening, procurement, and data transfer
, rather than traditional tariff benefits. The Korea-US, Korea-EU, DEPA, and IPEF agreements include provisions for data protection, electronic signatures, and online consumer protection, and corporate certification (ISO and SOC) and easing of cross-border cloud access regulations are expected to have a tangible impact.
field | FTA applicability | Major challenges | Management Points |
|---|---|---|---|
| Cloud/SaaS | High level of market openness | Localization obligations and data transfer restrictions | Utilizing DEPA standards and securing local DCs |
| AI·SW service | IPR and copyright provisions are important | Imbalance in copyright protection | Utilizing the EU-ROK Intellectual Property Chapter |
| Data Management and Security | Standard difference | Parallel ISO/SOC/GDPR certification | Standard Compliance and Logging Management |
| IT procurement services | The existence of barriers to entry into the procurement market | Need a local partner | Utilizing FTA procurement provisions and public bidding |
The IT and software industries vary across countries in terms of digital trade provisions, data regulations, and access to procurement.
The EU is based on GDPR, the US on free movement of data, and ASEAN is strengthening regional cloud regulations.
market | Major regulations | Data transfer standards | Accessibility to public procurement | Comments |
|---|---|---|---|---|
| USA | CLOUD Act, AI Transparency | Principle of free transfer | open | SaaS and security service exports are advantageous. |
| EU | GDPR, AI Act | Strict adequacy assessment | middle | The need for privacy protection and AI ethics |
| china | CSL·PIPL | Limited transfer allowed | limits | Localization is essential |
| ASEAN | DEPA·DTP-based cooperation | Standardization in progress | gradual | Advantageous use of RCEP+DEPA combination |
| japan | CBPR·OECD compliance | Free transfer allowed | Open | DEPA partnerships can be strengthened |
Although not directly subject to CBAM, the IT and software industries are facing increasing ESG demands in areas such as energy use, data center carbon footprint, and digital accountability (algorithmic accountability) .
System/Issue | Core requirements | Influence (1~5) | react |
|---|---|---|---|
| Digital Carbon Emissions | Data Center and AI Computing Energy Efficiency | 4 | Building PUE, RE100, and LCA data |
| AI ethics legislation | Transparency and Accountability Requirements | 3 | Explainable AI and Ethics Reporting System |
| Data Protection | Personal Information Protection and Security Certification | 5 | ISO27001·GDPR·SOC2 parallel |
| Public Procurement ESG | Supply Chain Transparency and Labor Conditions | 3 | ESG Risk Management System |
Korea: AI, Cloud, and Cybersecurity R&D Hub, Northeast Asia Data Trade Platform
The US and the EU: Expanding cooperation based on DEPA and GDPR adequacy, establishing SaaS and AI service export hubs.
ASEAN: Jointly Building Cloud Infrastructure and Localizing Services Through Local Partners
Middle East: Expanding new markets focused on smart city, eGov, and fintech collaboration.
News sentiment (α), global IT service index (β), and sector sentiment (λ) combined. Positive trends
continue due to increased exports of AI, cloud, and security services and expanded data center investment .
variable | Δ(%) or exponent | analysis |
|---|---|---|
| ΔExport_now | +2.6 | Increase in cloud and SaaS exports |
| ΔImport_now | +1.3 | Increased adoption of global solutions |
| ΔPrice_now | +0.4 | Premium subscription price increase |
| ΔSignal_now | +0.031 | Digital Trade News and Positive Emotions |
| ΔFTAEffect | +0.34 | Effects of DEPA and FTA data provisions |
| Forecast_3M | +0.53 | 3-month outlook for moderate growth |
Formula (summary): Forecast_3M = 0.5·ΔSignal + 0.3·ΔFTAEffect + 0.2·ΔPrice
field | Suggestion | Executor | Expected effect |
|---|---|---|---|
| Digital Trade Standards | Establishing data transfer standards within DEPA and IPEF | Trade Headquarters and Ministry of Science and ICT | Ensuring digital trade stability |
| Cloud Authentication | Establishment of a global mutual recognition system (ISO·SOC) | KISA·Ministry of Trade, Industry and Energy | Improving Accessibility to Overseas Procurement |
| AI Legislation Response | Establishing an ethics and responsibility framework | Ministry of Science and ICT·NIA | Enhancing regulatory predictability and trust |
| Cybersecurity exports | Institutionalization of a fast-track security certification system | Ministry of Trade, Industry and Energy·KOTRA | Simplification of export procedures |
| ESG·Energy | RE100·PUE Incentive System | Ministry of Environment and Ministry of Trade, Industry and Energy | Strengthening sustainability and procurement competitiveness |
The effectiveness of FTAs in the IT and software service industries lies in the sum of data transfer, regulatory harmonization, and procurement liberalization, rather than tariff reduction .
Forecast_3M: +0.53 — Continued growth driven by AI, cloud, and security.
Recommended strategies: ① Actively utilize DEPA and IPEF. ② Securing global security and personal information certification. ③ Digital carbon management. ④ Establishing responsible AI governance.
